FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
51358314-bec8-11e5-82cd-bcaec524bf84	claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc DrWhax reports: So in codeconv.c there is a function for Japanese character set conversion called conv_jistoeuc(). There is no bounds checking on the output buffer, which is created on the stack with alloca() Bug can be triggered by sending an email to TAILS_luser@riseup.net or whatever. Since my C is completely rusty, you might be able to make a better judgment on the severity of this issue. Marking critical for now. Discovery 2015-11-04 Entry 2016-01-19 claws-mail < 3.13.2 CVE-2015-8614 https://security-tracker.debian.org/tracker/CVE-2015-8614
a59afa47-c930-11dc-810c-0016179b2dd5	claws-mail -- insecure temporary file creation Nico Golde reports: A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail. Discovery 2007-12-03 Entry 2008-01-22 Modified 2008-02-12 claws-mail < 3.1.0 26676 CVE-2007-6208 http://www.gentoo.org/security/en/glsa/glsa-200801-03.xml http://security.gentoo.org/glsa/glsa-200801-03.xml http://secunia.com/advisories/27897

VuXML ID

Description

51358314-bec8-11e5-82cd-bcaec524bf84

claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc

DrWhax reports:

So in codeconv.c there is a function for Japanese character set conversion called conv_jistoeuc(). There is no bounds checking on the output buffer, which is created on the stack with alloca() Bug can be triggered by sending an email to TAILS_luser@riseup.net or whatever. Since my C is completely rusty, you might be able to make a better judgment on the severity of this issue. Marking critical for now.

Discovery 2015-11-04
Entry 2016-01-19
claws-mail

< 3.13.2

CVE-2015-8614
https://security-tracker.debian.org/tracker/CVE-2015-8614

a59afa47-c930-11dc-810c-0016179b2dd5

claws-mail -- insecure temporary file creation

Nico Golde reports:

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.

Discovery 2007-12-03
Entry 2008-01-22
Modified 2008-02-12
claws-mail

< 3.1.0

26676
CVE-2007-6208
http://www.gentoo.org/security/en/glsa/glsa-200801-03.xml
http://security.gentoo.org/glsa/glsa-200801-03.xml
http://secunia.com/advisories/27897